Default outbound policy issue in RV220W

Hi There,
Anybody has experience that set the default outbound policy as block in access rules of rv220w? I configure my company router RV220W to block all outbound service traffic, just allow outbound service as : http, https, smtp, dns_tcp / udp. it works fine for some hours, the next day, the rules like expired, the https / smtp / DNS service fail to outgoing, only the http is still ok? What happen, any idea? Now I just set the default outbound policy as allow, all traffic can go out, but that is meaningless for a firewall device.

Anyone can help?

Similar Messages

Windows 8 and Default Domain Policy modification issue

Hi,
I'm unable to edit the default domain policy from my new Windows 8 desktop. It's the only Win8 in the environment so I'm not able to easily test another one unfortunately. The error I receive is:
Group Policy Error
Failed to open the Group Policy Object. You might not have the appropriate rights.
Details: The volume for a file has been externally altered so that the opened file is no longer valid.
I have checked from a Win7 and a 2003 machine and can access and edit the GPO without issue using the same account. The Win8 desktop is a fresh install with the RSAT tools installed, Exchange 2010 tools and a few basic applicaitons (non of which stick
out as having anything to do with AD management).
It only occurs if I click edit on the GPO. I'm able to successfully view the policy and edit the permissions etc. Have rebooted and the machine is current with patches as of now.
thanks
Andy
Cheers Andy

Hi,
According to your description, the issue only occurred when you click to edit the GPO. And only occurred on Windows 8. I would like suggest you to follow below suggestions to narrow down the issue:
1. Check out whether the issue only occurred to Default domain policy object.
2. Test on another new installed Windows 8 client with only RSAT installed.
3. Create another new account and add it to domain admin group to test again.
4. Run dcdiag on DCs to check out whether the replications work fine.
Hope this helps.
Regards,
Yan Li
If you have any feedback on our support, please click
here
Cataleya Li
TechNet Community Support

Gpupdate wont update because of Default Domain Policy

Hi Technet Community
I have just tried to do a gpupdate /force in the Command Prompt, but it has thrown an error up at me. Screenshot below :
I have gone into Group Policy Management and tracked the UID (which is displayed above starting with 31B2F340...) to be the same as the Default Domain Policy. Usually, I would do whatever I need to with Group Policy to get it working again, but I don't know
how to change this policy about, or whether I can delete the current one and recreate it?
Could anyone let me know what I can do to resolve this.
A restart does not resolve this issue, and if I leave the domain and re-join it, it still doesn't resolve it.
I'll try installing SP1 and see if it works, but no other Windows 7, 8 or 8.1 client computers seem to work either, with exactly the same error.
All users can still log in.
Thanks
Ed

Hi Technet Community
I have just tried to do a gpupdate /force in the Command Prompt, but it has thrown an error up at me. Screenshot below :
I have gone into Group Policy Management and tracked the UID (which is displayed above starting with 31B2F340...) to be the same as the Default Domain Policy. Usually, I would do whatever I need to with Group Policy to get it working again, but I don't know
how to change this policy about, or whether I can delete the current one and recreate it?
Could anyone let me know what I can do to resolve this.
A restart does not resolve this issue, and if I leave the domain and re-join it, it still doesn't resolve it.
I'll try installing SP1 and see if it works, but no other Windows 7, 8 or 8.1 client computers seem to work either, with exactly the same error.
All users can still log in.
Thanks
Ed

Default domain policy got corrupted and can't reverse to old system state?

Initially we had two servers which was 2003 and 2008, after adding additional two more servers (server 2012) in the network and then demoted the old servers. and that was quite while ago. after carefully looking a the default policy I have noticed that there
so many policies was applied on default policy object which led me to disable them and created a backup for both domain controller and the domain policy.
now the problem is stupidly run
dcgpofix thought it will restore the domain policy to it's original state but it did not instead it came up with an empty default policy template and inside there is no security policy which i can edit. However i did tried to restore the old policy which
i backed up but i get an access denied error.
Now i realise that the original default policy was from server 2003 and the current schema domain functional level is 2012. Currently
I can not login to any newly added computers to the domain via domain administrator account.
Please help! Is there any way to create a new default domain policy?

Hi thanks for your input,
but that doesn't resolves my issue. However I have managed to fix it by modifying the Default policy systemflags and then run the command gpfixup.exe /ignoreschema /target :domain.com.
and after that I was able to restore my old gp from earlier backup.

Broken Default Domain Policy! GPOFIX Doesn't work

Justin1250 wrote:
So I noticed that command prompt is open in the users directory.
Did you right click on the command window and run as administrator?
It should run from the system directory as an admin.Yes I did. I just made sure again to run it as admin. Same result.

I've spent hours and hours trying to fix this but can't. I seem to have located the problem where the default domain policy has lost is child associated with the GUID in AD/Registry. None of the tools seem to work, and I can't delete and recreate it because it thinks it doesn't exist and because Microsoft has engineered it to not be removable. This would be fine if it wasn't corrupted. I've read on some forums that the in-ability to delete a policy object is due to permissions issues. However, that isn't the issue in my case.I've tried THISwhich didn't work.I recently did a test migration to 2012 from 2003, and was hoping when I migrated the data that the GPO wouldn't transfer it's corrupted data, but I was wrong :-/The pictures below should illustrate more detail than I could describe.GPOFIX ToolActive Directory showing that the GUID...
This topic first appeared in the Spiceworks Community

Discrepancy in Default Domain Policy

Hello,
About 6 months ago we migrated from DC's running Windows 2003 R2 to Windows 2012 R2. At that time we raised our domain functional level to "Windows Server 2008 R2"
I am trying to audit my Group Policy and have found a problem I am unable to explain. I have installed RSAT tools on my local workstation, and I have been using it to view group policy to perform my audit. Everything was going fine until I came across:
"Default Domain Policy"
Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities
However when I attempted to edit the policy to look at the settings, nothing is there, the certificate is just missing.
Furthermore, when I look in the Group Policy Management on the DC, It does not even show "Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\TrustedRoot Certification Authorities"
Can anyone explain to me the following:
1. Why does my local workstations RSAT tools show settings that are not reflected on the DC?
2. Why is my RSAT tools showing settings on a certificate the does not exist? Is it because there used to be a cert there when we were using 2k3 domain controllers, and the cert wasn't migrated?
3. How can I fix this so that my RSAT Group Policy Manager on my Workstations is synched with my Domain Controllers?
Thank You in advance for any assistance.
P.S. I had several pictures setup that made the explanation of all this much easier, but I was not allowed to add them because "Body text cannot contain images or links until we are able to verify your account."

I have made some interesting discoveries that I think may help future individuals, if they find this posting.
When looking at the picture in my original posting you see that the group policy points to:
"Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies\Trusted
Root Certification Authorities"
So you would expect that you would navigate to the same path in the GPME (Group Policy Management Editor)
but it turns out, that is not the case, to edit these settings you must navigate to the following:
"Computer Configuration\Policies\Windows Settings\Security Settings\Public Key Policies" and
double-click on "Certificate Path Validation Settings"
I discovered this information using this technet article:
http://technet.microsoft.com/en-us/library/cc754841.aspx
Under "Managing Trusted Root Certificates for a Domain"
However this does not resolve my original issue, in that it does not explain the discrepancy between RSAT tools and the DC.
Well I have a friend who has almost an identical setup to mine at his company (he is using Server 2012 R1), he checked, and he saw the exact same scenario as I have.
I am unsure if this is by design or a bug in GPO. I would assume that if it was a bug that others would have discovered it by now and written about it, can anyone provide any insight?

Default Domain Policy Not Applying Settings to Servers or Clients

I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
The change was to enable DES because of a specific need that I have with an application that I work with but enabling DES and leaving the other options such AES unselected caused other applications to not work right. I decided to revert the changes
back to "Not Defined" but those changes did not reflect on the servers even after running the gpupdate /force command.
In order to keep the application working that broke, we enabled all of the encryption levels such as DES, AES, etc. on the server that's running the application via it's Local Security Policy as a temporary fix.
Now, I want to make sure all servers receive the settings from the Default Domain Policy and have their Local Security Policies reflect the "Not Defined" setting but it's not applying. It seems like they worked when I first applied them but
when I try to remove them it does not work.
If I change the setting directly on the Local Security Policy on the server or clients it shows "No minimum" instead of "Not Defined" which I've heard can be fixed by identifying the registry entry for that setting and deleting it...so
help with the location and how to identify that key would also be helpful.
My goal is not to manually have to change servers and clients to revert back to their default settings...I want the Domain policy to apply and override the servers and client's Local Security Policy.
Any help with this would be greatly appreciated and thank you in advance.

I have 2008 R2 DC's with a functioning level of 2003. Our domain servers are a mix of 2003, 2008, 2008 R2, and 2012 and our clients are a mix of Windows 7 Pro and Windows 8.1 Pro.
I recently made a change to the Default Domain Policy located at Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
For the Security Policy setting called: Network security: Configure encryption types allowed for Kerberos
refer:
http://technet.microsoft.com/en-us/library/jj852180(v=ws.10).aspx
We needed to implement a similar scenario a few years ago (when we introduced Windows7 into our estate).
We had an SAP/NetWeaver implementation which always worked on WinXP, but failed on Win7.
We had to enable the DES ciphers, since those were disabled by default in Win7. We discovered that we also needed to enable all the other ciphers (those which are enabled by default[not configured]).
i.e., when we changed the setting from "Not Configured", enabled DES, and left the RC4/AES stuff untouched by us, the RC4/AES stuff attracted a status of disabled.
So, we had to set the DES ciphers to Enabled, and, also set the RC4/AES ciphers to Enabled - this gave us the "resultant" enablement of the default stuff and the needed change/addition of DES.
When you set a GP setting "back to Not Configured", depending upon the setting *AND* the individual Windows feature itself - one of two things will happen:
a) the feature will "revert" to default behaviour
b) the feature will retain the current configured behaviour but becomes un-managed
In classic Group Policy terms, condition (b) above is often referred to as "tattooing", i.e., the last GP setting remains in effect even though GPMC/RSOP/etc does not reveal that to be the case.
(This is also a really good example of not doing this sort of stuff in the DDP. It could have borked your whole domain :)
What I'd suggest, is that you re-enable your ciphers for KRB settings again - this time, enable all the ciphers that would normally be "default", let that replicate around, and allow time for domain members to action it.
Then, set the setting back to Not Configured. This way, the "last" settings issued by GP will be those you want to remain as the "legacy".
Note: the GP settings reference s/sheet, has this to say:
Network security: Configure encryption types allowed for Kerberos
This policy setting allows you to set the encryption types that Kerberos is allowed to use.
If not selected, the encryption type will not be allowed. This setting may affect compatibility with client computers or services and applications. Multiple selections are permitted.
This policy is supported on at least Windows 7 or Windows Server 2008 R2.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

Query on default outbound mail poliy

Hi,
Is it possible on Ironport to drop all the outgoing mails to other than local domain by default. After this we Can create new policies above the default policy with some users who are allow to send e-mails to a particular domain?
For e.g:- I have a set of users who can send emails only to gmail other than the local domains and another set to send only to rediff.
Any help is highly appresiable.
Is this going to work on Ironport?

Hi Tharun,
just curious, are you sure outbound messages to your own domain get routed through the IronPort appliance? I would assume your mailsever just moves those between it's mailboxes. Anyways, to answer your question, basically you create another outbound mail policy with your local domain as sender. Then create a filter that only has a drop() action, and activate it in your Default Outbound Mail Policy (and only there!). So this way outbound recipients to your domain will use the new created mail policy that bypasses the filter, while every other domain will use the default policy, where the message gets dropped.
Hope that helps,
Andreas

Windows 2003 Password Policy Ignored in Default Domain Policy

Hi there I've a problem on my DC.
i set in the "default domain policy" the settings form the policy password lenght complexity etc etc..
When i RUN Group policy modelling simulation i cannot view the settings of Windows Settings\Security Settings\account policy\password policy
the scope of the GPO is Authenticated
the GPO seems to be ignored for the security settings but not for the other parameters like kerberos security.
Any Idea to solve this issue?

Hi Federico,
>>i cannot view the settings of Windows Settings\Security Settings\account policy\password policy
What do this mean? Does this mean that we can’t see the password policy in the modeling, or that we can’t see the change we made to the password policy? Besides, were there
error messages displayed in the modeling?
In addition, we can try running the Group Policy Modeling Wizard again to see if the issue persist.
Best regards,
Frank Shen

Group Policy issues

Hi All,
Am facing plenty of issues in Group policies.. Like when i run this command "gpresult /v" i could see the same policy applied in as thrice in applied group policy.. and that policy is default domain policy.. also trying to add one of intranet site
in Internet Group policy maintenance policy but its not reflected to users.. even i forced the policy.. Please advice me on this.
i have given the gpresult fyr.. some have a quick look and advice me accordingly.
Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 3/6/2014 at 9:20:31 AM
RSOP data for OURDOMAIN\venkat2r on INBRLT141 : Logging Mode
OS Configuration: Member Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\venkat2r
Connected over a slow link?: No
USER SETTINGS
Last time Group Policy was applied: 3/6/2014 at 9:07:33 AM
Group Policy was applied from: INCHDC01.OURDOMAIN.com
Group Policy slow link threshold: 500 kbps
Domain Name: OURDOMAIN
Domain Type: WindowsNT 4
Applied Group Policy Objects
ourdomain_Policy_Customized
Global_Wallpaper
ourdomain_Policy_Customized
ourdomain_Policy_Customized
The following GPOs were not applied because they were filtered out
Local Group Policy
Filtering: Not Applied (Empty)
The user is a part of the following security groups
Everyone
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
LOCAL
High Mandatory Level
The user has the following security privileges
Resultant Set Of Policies for User
Software Installations
N/A
Logon Scripts
N/A
Logoff Scripts
N/A
Public Key Policies
N/A
Administrative Templates
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn
Value: 1, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaveTimeOut
Value: 54, 0, 48, 0, 48, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\Wallpaper
Value: 67, 0, 58, 0, 92, 0, 87, 0, 105, 0, 110, 0, 100, 0, 111, 0, 119, 0, 115, 0, 92, 0, 87, 0, 101, 0, 98, 0, 92, 0, 87, 0, 97, 0, 108, 0, 108, 0, 112, 0, 97, 0, 112, 0, 101, 0,
114, 0, 92, 0, 69, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 46, 0, 106, 0, 112, 0, 103, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage
Value: 1, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Internet Explorer\Main\Start Page
Value: 104, 0, 116, 0, 116, 0, 112, 0, 58, 0, 47, 0, 47, 0, 115, 0, 116, 0, 97, 0, 114, 0, 46, 0, 101, 0, 109, 0, 101, 0, 114, 0, 105, 0, 111, 0, 99, 0, 111, 0, 114, 0, 112, 0, 46,
0, 99, 0, 111, 0, 109, 0, 47, 0, 83, 0, 105, 0, 110, 0, 103, 0, 97, 0, 112, 0, 111, 0, 114, 0, 101, 0, 47, 0, 100, 0, 101, 0, 102, 0, 97, 0, 117, 0, 108, 0, 116, 0, 46, 0, 97, 0, 115, 0, 112, 0, 120, 0, 0, 0
State: Enabled
GPO: ourdomain_Policy_Customized
KeyName: Software\Policies\Microsoft\Windows\Control Panel\Desktop\ScreenSaverIsSecure
Value: 49, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper
Value: 1, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab
Value: 1, 0, 0, 0
State: Enabled
GPO: Global_Wallpaper
KeyName: Software\Microsoft\Windows\CurrentVersion\Policies\System\WallpaperStyle
Value: 52, 0, 0, 0
State: Enabled
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: ourdomain_Policy_Customized
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: ourdomain
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: N/A
Secure Proxy Server: N/A
FTP Proxy Server: N/A
Gopher Proxy Server: N/A
Socks Proxy Server: N/A
Auto Config Enable: No
Enable Proxy: No
Use same Proxy: No
Internet Explorer URLs
GPO: ourdomain_Policy_Customized
Home page URL: http://star.OURDOMAIN.com/Singapore/default.aspx
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: ourdomain_Policy_Customized
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: Yes
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: ourdomain_Policy_Customized
Import the current Program Settings: No
Thanks, Venkatesh. "Hardwork Never Fails"

Hi,
Before going further, I have to admit that I made a mistake and Paul is right.
>>But i am not able to change the security settings in IE like adding sites in Trusted sites its grayed out.
If we don’t want to allow users to change this setting, we can configure this setting via native policy and the following blog can be referred to as reference.
Internet Explorer 10 – Add Sites To The Trusted Sites Zone With Group Policy
http://johnfail.wordpress.com/2013/11/07/internet-explorer-10-add-sites-to-the-trusted-sites-zone-with-group-policy/
If we want to allow users to change this setting, we can configure this setting via GPP Registry.
Regarding this point, the following thread can be referred to for more information.
Add Trusted Sites Via GPO but still allow users to add trusted sites
http://community.spiceworks.com/topic/326140-add-trusted-sites-via-gpo-but-still-allow-users-to-add-trusted-sites
Best regards,
Frank Shen

Missing Default Domain policy

Hi Experts,
i have strange issue, users are unable get the policy applied after investigating found out that the default domain policy is missing on dcs in one site, i have checked further for any events relation to journal wrapping to no avail, client pcs recwiving
this error below:
The processing of Group Policy failed. Windows attempted to read the file \\mydomain\SysVol\my
domain.local\Policies\
strange thing is that the replication is working, but only the sysvol replication not working, can someone please advice
OS: Windows 2012 R2

> The processing of Group Policy failed. Windows attempted to read the
> file \\mydomain\SysVol\my
> domain.local\Policies\
Replication via DFSR or FRS? Check both eventlogs then follow the action
in the events :)
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))

Unable to edit Default Domain policy on Server 2012 R2 domain controller

Hello,
I recently built a Server 2012 R2 domain controller and added it to my domain. When trying to edit the default domain policy I get the following error:
I can make edits to other GPO objects. All the other domain controllers are Server 2008 and are able to edit that GPO. The issue is on the Server 2012 box only. I've checked the delegated permissions, I'm a domain admin, and have opened
GPMC as administrator. Does anyone know what I'm missing? Thank you for your time.
Tino

Hi Tino,
>>Could that be the problem?
I don't think so, for we can still use FRS to replicate Sysvol. However, it is recommended that we use DFSR to replicate Sysvol if our domain
function level is Windows Server 2008 or above.
Besides, we can follow the suggestions from the following thread to check out which replication mechanism we are using.
DFS-R on 2008 R2 by default?
http://social.technet.microsoft.com/Forums/windowsserver/en-US/8f2042d3-193d-4414-b9da-cbcedc6a4c32/dfsr-on-2008-r2-by-default?forum=winserverDS
If the Sysvol is replicated by FRS mechanism, as I suggested in the last reply, we can do a non-authoritative restore for the Sysvol on the new Windows
Server 2012. This will restore the Sysvol from a healthy DC.
To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Hope it helps.
Best regards,
Frank Shen

How do I move the policy from Default domain policy to a custom policy.

I want to implement a new password policy. In the past we had a fairly loose policy, now I want to implement minimum length and complexity. I know how to set this up in Computer Config Policies windows settings security settings and account policies
password policy. However after I set it up I notice that it is not being applied. I have run gpupdate, and even waited several days but still it's not taking effect. I have created what im calling a custom gpo calling it "password policy".
It is situated under domains/mydomain.com . There are a number of other policies here.
When I run gpresult /h c:\temp\gpreport.html its all a bit confusing. It looks like it being applied but then further down it says under Group policies Applied GPOs Denied GPOs Pssword Policy mydomain.com empty. ??
But let me ask this first off .
The previous administrator I think has the password policy set up in the "default domain policy"
Is it possible that the default domain policy which IS indeed set differently is overriding my custom "password policy"
If this is so how can I make it so my custom password policy is applied over the default domain policy.
Or what other answers could it be.

Hi,
Based on your requirement you can create Fine Grained Password Policies.
This feature introduced in Windows Server 2008 allows you to override password policy set at the Default Domain Policy for specific users or groups.
Checkout the below link for creating Fine Grained Password Policies from GUI in Windows Server 2012,
http://blogs.technet.com/b/reference_point/archive/2013/04/12/fine-grained-password-policies-gui-in-windows-server-2012-adac.aspx
Regards,
Gopi
JiJi
Technologies

NIS+ default passwd policy, such as aging, length

How to set NIS+ default passwd policy, such as aging, length?
/etc/default/passwd only affect the local account. Where is the config file for NIS+? Is there a NIS+ table for the passwd policy?
If there is no config file or NIS+ table for such setting, where is the default value when a new user is added?
Message was edited by:
kdust

-- Second Update --
After policy installation I got several problems with PeopleSoft configuration. Which finally were solved.
1. Some URL's has to be defined as not enforced.
com.sun.am.policy.amFilter.notenforcedList[1]=/ps/images/*
com.sun.am.policy.amFilter.notenforcedList[2]=*.css
com.sun.am.policy.amFilter.notenforcedList[3]=*.ico
2. In versions older than PeopleSoft 8.4.2 the policy agent modified the file
/opt/fs/webserv/peoplesoft/applications/peoplesoft/PORTAL/WEB-INF/psftdocs/ps/configuration.properties to add the properties:
byPassSignon=TRUE
defaultUserid="DEFAULT_USER"
defaultPWD="your password"
signon_page=amsignin.html
signonError_page=amsignin.html
logout_page=amsignin.html
expire_page=amsignin.html
However, in the newer versions of PeopleSoft this properties are controled from the online Peoplesoft console. Which are set on:
PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Security --> In section "Public Users" the parameters that has to be changed are:
Allow Public Access (cheked)
User ID : DEFAULT_USER
Password : your password
HTTP Session Inactivity : (SSO TIMEOUT)
and:
PeopleTools --> WebProfile ---> WebProfileConfiguration --> [PROFILE] --> Look and Feel -->
In section "SignOn/Logout" set the following values:
Signon Page : amsignin.html
Signon Error Page : amerror.html
Logout Page : amsignout.html
Note: After making any changes on the console; restart PIA (weblogic instance).
With this the SSO with PeopleSoft is working Ok.
Message was edited by:
LpzYlnd

SAP workflow not published / not reaching default outbound handler

Hi,
At Velocity event (october) we had a SAP ERP workflow configured for publishing to SharePoint; after triggering workflow instances, an XML payload document was successfully published to SharePoint.
Now, in the same environment; without changes on Duet Enterprise config level, publishing of task changes of that same workflow no longer publishes into SharePoint.
We executed the report jobs OSP_DELTA and OSP_FULL to make sure that the sync from SAP to SharePoint would be done / task changes are notified. The SAP workflows are delivered into the SAP inbox; but not published to SharePoint.
We added a breakpoint (internal + external) in the default outbound handler S_OSP_WF_PAT_DEFAULT_CH_OB; it is not invoked when we reach the workflow decision step that is published.
We inspected the SCL Logs, but didn't find any relevant log entries.
Any clue what can be wrong here; where to start with the problem analysis?
Best regards, William.

Hi Holger,
The error 'Users not maintained...' appears to be caused due lack of SAP permissions of the SAP account that is executing the report S_OSP_WF_ITEM_SELECTION; with another account we succesfully pass the 'GetNotifications' calls within that report; and actually now do get into the default outbound handler.
But still no task document published into SharePoint; the default outboundhandler faults on Send Action item; error details:
ERROR_CONTEXT>
<ERROR_INFO>ICF Error when sending the request: HTTPIO_ERROR_SEND_STATE-Fehlermeldung beim Senden der Daten.</ERROR_INFO>
- <CONSUMER_INFO>
<CONSUMER_PROXY>CO_OSPWACTION_ITEM_VI_DOCUMENT</CONSUMER_PROXY>
<LOGICAL_PORT>CO_OSPWACTION_ITEM_VI_DOCUMENT</LOGICAL_PORT>
<OPERATION_NAME>maintainActionItem</OPERATION_NAME>
<OPERATION_NAMESPACE>urn:ActionItemWsd/ActionItemVi/document</OPERATION_NAMESPACE>
<PROCESSING_UNIT>Sector 1: WS-Consumer</PROCESSING_UNIT>
<PROCESSING_MODE>Synchronous</PROCESSING_MODE>
<COMMUNICATION_TYPE>Remote</COMMUNICATION_TYPE>
<WORK_PROCESS_NUMBER>1</WORK_PROCESS_NUMBER>
<WORK_PROCESS_PID>25034814</WORK_PROCESS_PID>
<TERMINAL_NAME>C0269450</TERMINAL_NAME>
</CONSUMER_INFO>
- <TRANSPORT_INFO>
<PROTOCOL>HTTP/1.1</PROTOCOL>
<AUTHENTICATION_METHOD>BasicAuth</AUTHENTICATION_METHOD>
</TRANSPORT_INFO>
</ERROR_CONTEXT>
We want to check the settings of Consumer Proxy for Workflow (page 76 in deployment guide); however we don't see 'Connection Settings' entry in the SCL server.
--> 4. Select Connection Settings > SCL to Consumer > Configure Service Endpoint.
Regards, William.

Default outbound policy issue in RV220W

Similar Messages

Maybe you are looking for